SANS Digital Forensics and Incident Response Blog

Windows Memory Analysis In-Depth - Discount Code = WINDEX = 10% Off #DFIR

Memory analysis is one of the most in-demand skills for digital forensics, incident response, and malware analysts today. SANS is introducing a brand new 5-day class dedicated to Windows Memory Forensics. The hands-on course, written by memory forensics pioneer Jesse Kornblum, is incredibly comprehensive and a crucial course for any investigator who is analyzing intrusions.

SANS is offering a 10% discount on the FOR526 course at the following events with discount code WINDEX:

  1. Security West 2013 - San Diego, CA - May 9-13 - http://www.sans.org/info/128955
  2. SANSFIRE 2013 - Washington, DC - June 17-21 - http://www.sans.org/info/128960
  3. Network Security 2013 - Las Vegas, NV - September 16-20 - http://www.sans.org/info/128965

Windows Memory Forensics In-Depth

Malware can hide, but it must run. This malware paradox is key to understanding that, while intruders are becoming more advanced with anti-forensic tactics and techniques, it is impossible to hide their footprints completely from a skilled incident responder performing memory analysis. Learn how memory analysis works by studying memory structures and context, memory analysis methods, and the current tools used to parse system RAM.

Attackers will use anti-forensic techniques to hide their tracks. They use rootkits, file wiping, timestamp adjustments, privacy cleaners, and complex malware to hide in plain sight, avoiding detection by standard host-based security measures. Every action that adversaries take will leave a trace; you merely need to know where to look. Memory analysis will give you the edge that you need in order to discover advanced adversaries in your network.

FOR526: Windows Memory Analysis In-Depth is one of the most advanced courses in the SANS Digital Forensics and Incident Response Curriculum. This cutting-edge course covers everything you need to step through memory analysis like a pro. We hope to see you there.

FOR526 In The News

Jesse was also just featured in multiple articles on his new class and his thoughts regarding training.

- NetworkWorld - http://www.networkworld.com/newsletters/techexec/2013/032213bestpractices.html?source=NWWNLE_nlt_it_best_practices_2013-03-25
- Security Bistro - http://www.securitybistro.com/blog/?p=5799

Looking for free Memory Forensics resources?

SANS Memory Forensics Cheat Sheet: http://computer-forensics.sans.org/info/128975

https://blogs.sans.org/computer-forensics/files/2013/04/For508_HANDOUT_Memory_Forensics_Cheat_Sheet_v1_2.pdf

Memory forensics webcasts:

  1. How memory forensics will help you lose weight and look ten years younger - with Jesse Kornblum - http://www.sans.org/info/128980
  2. Memory Forensics for Incident Response with Hal Pomeranz - http://www.sans.org/info/128985
  3. Introduction to Windows Memory Analysis with Chad Tilbury - http://www.sans.org/info/128990

Windows Memory Forensics In-Depth - Discount Code for 10% off: WINDEX